Revision as of 13:01, 7 September 2008

Classical first-order logic has the pleasant property that a formula can be reduced to an elegant implicative normal form through a series of syntactic simplifications. Using these transformations as a vehicle, this article demonstrates how to use Haskell’s type system, specifically a variation on Swierstra’s “Data Types à la Carte” method, to enforce the structural correctness property that certain constructors are, in fact, eliminated by each stage of the transformation.

1 First-Order Logic

Consider the optimistic statement “Every person has a heart.” If we were asked to write this formally in a logic or philosophy class, we might write the following formula of classical first-order logic:

If asked to write the same property for testing by QuickCheck {quickcheck}, we might instead produce this code:

These look rather different. Ignoring how some of the predicates moved into our types, there are two other transformations involved. First, the universally quantified p has been made a parameter, essentially making it a free variable of the formula. Second, the existentially quantified h has been replaced by a function |heart| that, for any person, returns their heart. How did we know to encode things this way? We have performed first-order quantifier elimination in our heads!

This idea has an elegant instantiation for classical first-order logic which (along with some other simple transformations) yields a useful normal form for any formula. This article is a tour of the normalization process, implemented in Haskell, using a number of Haskell programming tricks. We will begin with just a couple of formal definitions, but quickly move on to “all code, all the time.”

First, we need the primitive set of terms t, which are either variables x or function symbols f applied to a list of terms (constants are functions of zero arguments).

We will successively convert a closed (no free variables) first-order logic formula into a series of equivalent formulae, eliminating many of the above constructs. Eventually the result will be in implicative normal form, in which the placement of all the logical connectives is strictly dictated, such that it does not even require a recursive specification. Specifically, an implicative normal form is the conjunction of a set of implications, each of which has a conjunction of terms on the left and a disjunction of terms on the right:

The normal form may be very large compared to the input formula, but it is convenient for many purposes, such as using Prolog’s resolution procedure or an SMT (Satisfiability Modulo Theories) solver. The following process for normalizing a formula is described by Russell and Norvig {Russell2003} in seven steps:

Eliminate implications.

Move negations inwards.

Standardize variable names.

Eliminate existential quantification, reaching Skolem normal form.

Eliminate universal quantification, reaching prenex normal form.

Distribute boolean connectives, reaching conjunctive normal form.

Gather negated atoms, reaching implicative normal form.

Keeping in mind the pattern of systematically simplifying the syntax of a formula, let us consider some Haskell data structures for representing first-order logic.

1.1 A Natural Encoding

Experienced Haskellers may translate the above definitions into the following Haskell data types immediately upon reading them:

data Term = Const String [Term]
          | Var String

We will reuse the constructor names from |FOL| later, though, so this is not part of the code for the demonstration.

1.2 Higher-Order Abstract Syntax

While the above encoding is natural to write down, it has drawbacks for actual work. The first thing to notice is that we are using the |String| type to represent variables, and may have to carefully manage scoping. But what do variables range over? Terms. And Haskell already has variables that range over the data type |Term|, so we can re-use Haskell’s implementation; this technique is known as higher-order abstract syntax (HOAS).

In a HOAS encoding, the binders of the object language (the quantifiers of first-order logic) are implemented using the binders of the metalanguage (Haskell). For example, where in the previous encoding we would represent ∃x. P(x) as |Exists "x" (Const "P" [Var "x"])|, we now represent it with |Exists (\x -> Const "P" [x])|. And our example becomes:

Since the variables |p| and |f| have taken the place of the |String| variable names, Haskell’s binding structure now ensures that we cannot construct a first-order logic formula with unbound variables, unless we use the |Var| constructor, which is still present because we will need it later. Another important benefit is that the type now expresses that the variables range over the |Term| data type, while before it was up to us to properly interpret the |String| variable names.

Modify the code of this article so that the |Var| constructor is not introduced until it is required in stage 5.

1.3 Data Types à la Carte

But even using this improved encoding, all our transformations will be of type |FOL -> FOL|. Because this type does not express the structure of the computation very precisely, we must rely on human inspection to ensure that each stage is written correctly. More importantly, we are not making manifest the requirement of certain stages that the prior stages’ transformations have been performed. For example, our elimination of universal quantification is only a correct transformation when existentials have already been eliminated. A good goal for refining our type structure is to describe our data with types that reflect which connectives may be present.

Swierstra proposes a technique {dtalc} whereby a variant data type is built up by mixing and matching constructors of different functors using their coproduct |(:+:)|, which is the “smallest” functor containing both of its arguments.

The |:+:| constructor is like |Either| but it operates on functors. This difference is crucial – if |f| and |g| represent two constructors that we wish to combine into a larger recursive data type, then the type parameter |a| represents the type of their subformulae.

To work conveniently with coproducts, we define a type class |:<:| that implements subtyping by explicitly providing an injection from one of the constructors to the larger coproduct data type. There are some technical aspects to making sure current Haskell implementations can figure out the needed instances of |:<:|, but in this example we need only Swierstra’s original subsumption instances, found in Figure fig:Subsumption. For your own use of the technique, discussion on Phil Wadler’s blog {wadler-dtalc} and the Haskell-Cafe mailing list {haskell-cafe-dtalc} may be helpful.

If the above seems a bit abstract or confusing, it will become very clear when we put it into practice. Let us immediately do so by encoding the constructors of first-order logic in this modular fashion.

data TT a = TT
data FF a = FF
data Atom a = Atom String [Term]
data Not a = Not a
data Or a = Or a a
data And a = And a a
data Impl a = Impl a a
data Exists a = Exists (Term -> a)
data Forall a = Forall (Term -> a)

Each constructor is parameterized by a type |a| of subformulae; |TT|, |FF|, and |Atom| do not have any subformulae so they ignore their parameter. Logical operations such as |And| have two subformulae. Correspondingly, the |And| constructor takes two arguments of type |a|.

The compound functor |Input| is now the specification of which constructors may appear in a first-order logic formula.

The final step is to “tie the knot” with the following |Formula| data type, which generates a recursive formula over whatever constructors are present in its functor argument |f|.

data Formula f = In { out :: f (Formula f) }

If you have not seen this trick before, that definition may be hard to read and understand. Consider the types of |In| and |out|.

In :: f (Formula f) -> Formula f
out :: Formula f -> f (Formula f)

Observe that |In . out == out . In == id|. This pair of inverses allows us to “roll” and “unroll” one layer of a formula in order to operate on the outermost constructor. Haskell does this same thing when you pattern-match against “normal” recursive data types. Like Haskell, we want to hide this rolling and unrolling. To hide the rolling, we define some helper constructors, found in Figure fig:FOLboilerplate, that inject a constructor into an arbitrary supertype, and then apply |In| to yield a |Formula|.

To hide the unrolling, we use the fact that a fixpoint of a functor comes with a fold operation, or catamorphism, which we will use to traverse a formula’s syntax. The function |foldFormula| takes as a parameter an algebra of the functor |f|. Intuitively, |algebra| tells us how to fold “one layer” of a formula, assuming all subformulae have already been processed. The fixpoint then provides the recursive structure of the computation once and for all.

We are already reaping some of the benefit of our “à la carte” technique: The boilerplate |Functor| instances in Figure fig:FOLboilerplate are not much larger than the code of |foldFormula| would have been, and they are defined modularly! Unlike a monolithic |foldFormula| implementation, this one function will work no matter which constructors are present. If the definition of |foldFormula| is unfamiliar, it is worth imagining a |Formula f| flowing through the three stages: First, |out| unrolls the formula one layer, then |fmap| recursively folds over all the subformulae. Finally, the results of the recursion are combined by |algebra|.

A TeX pretty-printer is included as an appendix to this article. To make things readable, though, I’ll doctor its output into a nice table, and remove extraneous parentheses. But I won’t rewrite the variable names, since variables and binding are a key aspect of managing formulae. By convention, the printer uses c for existentially quantified variables and x for universally quantified variables.

2 Stage 1 – Eliminate Implications

We take a formula containing all the constructors of first-order logic, and return a formula built without use of |Impl|. The way that |elimImp| does this is by folding the algebra |elimImpAlg|, defined for each constructor, over the recursive structure of a formula.

We provide the function |elimImpAlg| by making each constructor an instance of the |ElimImp| type class. This class specifies, for a given constructor, how to eliminate implications – for most constructors this is just the identity function, though we must rebuild an identical term to alter its type. Perhaps there is a way to use generic programming to eliminate the uninteresting cases.

Design a solution where only the |Impl| case of |elimImpAlg| needs to be written.
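The coproduct and subtyping machinery of Section 1.3, the |Formula| fixpoint with |foldFormula|, and the Stage 1 fold above, condensed into one added example. This is my own code, not the article’s: it keeps only the |Atom|, |Not|, |Or| and |Impl| constructors, writes Swierstra’s three subsumption instances with GHC’s per-instance OVERLAPPABLE pragma instead of the old OverlappingInstances extension, and names the helper constructors |neg|, |\/| and |==>|. The result type |Formula Stage1| has no |Impl| summand, so the compiler itself checks that Stage 1 removed every implication.

```haskell
{-# LANGUAGE TypeOperators, MultiParamTypeClasses, FlexibleInstances,
             FlexibleContexts, UndecidableInstances #-}
-- Added example: coproducts, injection subtyping, Formula fixpoint, Stage 1.
data Term = Const String [Term] | Var String
infixr 6 :+:
data (f :+: g) a = Inl (f a) | Inr (g a)      -- Either, but on functors
instance (Functor f, Functor g) => Functor (f :+: g) where
  fmap h (Inl x) = Inl (fmap h x)
  fmap h (Inr y) = Inr (fmap h y)

-- Swierstra's subsumption instances: inject a constructor into a coproduct.
class (Functor f, Functor g) => f :<: g where inj :: f a -> g a
instance Functor f => f :<: f where inj = id
instance (Functor f, Functor g) => f :<: (f :+: g) where inj = Inl
instance {-# OVERLAPPABLE #-} (Functor h, f :<: g) => f :<: (h :+: g) where
  inj = Inr . inj

-- Tie the knot, then fold with an algebra that handles one layer at a time.
data Formula f = In { out :: f (Formula f) }
foldFormula :: Functor f => (f a -> a) -> Formula f -> a
foldFormula algebra = algebra . fmap (foldFormula algebra) . out
inject :: (g :<: f) => g (Formula f) -> Formula f
inject = In . inj
data Atom a = Atom String [Term]
data Not a = Not a
data Or a = Or a a
data Impl a = Impl a a
instance Functor Atom where fmap _ (Atom p ts) = Atom p ts
instance Functor Not  where fmap h (Not x)    = Not (h x)
instance Functor Or   where fmap h (Or x y)   = Or (h x) (h y)
instance Functor Impl where fmap h (Impl x y) = Impl (h x) (h y)
-- Helper constructors hide the rolling: inject, then apply In.
atom :: (Atom :<: f) => String -> [Term] -> Formula f
atom p ts = inject (Atom p ts)
neg :: (Not :<: f) => Formula f -> Formula f
neg x = inject (Not x)
(\/) :: (Or :<: f) => Formula f -> Formula f -> Formula f
x \/ y = inject (Or x y)
(==>) :: (Impl :<: f) => Formula f -> Formula f -> Formula f
x ==> y = inject (Impl x y)
type Input  = Atom :+: Not :+: Or :+: Impl
type Stage1 = Atom :+: Not :+: Or             -- no Impl summand: it cannot occur

-- Stage 1: only the Impl case does work; the others rebuild at the new type.
class Functor f => ElimImp f where
  elimImpAlg :: f (Formula Stage1) -> Formula Stage1
instance ElimImp Atom where elimImpAlg (Atom p ts) = atom p ts
instance ElimImp Not  where elimImpAlg (Not x)     = neg x
instance ElimImp Or   where elimImpAlg (Or x y)    = x \/ y
instance ElimImp Impl where elimImpAlg (Impl x y)  = neg x \/ y   -- p => q == ~p \/ q
instance (ElimImp f, ElimImp g) => ElimImp (f :+: g) where
  elimImpAlg (Inl x) = elimImpAlg x
  elimImpAlg (Inr y) = elimImpAlg y

elimImp :: Formula Input -> Formula Stage1
elimImp = foldFormula elimImpAlg
-- (P(x) => Q(x)) => R is built at type Input; the result is typed at Stage1.
example :: Formula Stage1
example = elimImp ((atom "P" [Var "x"] ==> atom "Q" [Var "x"]) ==> atom "R" [])
```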

3 Stage 2 – Move Negation Inwards

Now that implications are gone, we are left with entirely symmetrical constructions, and can always push negations in or out using duality:

Our eventual goal is to move negation all the way inward so it is only applied to atomic predicates. To express this structure in our types, we define a new constructor for negated atomic predicates as well as the type for the output of Stage 2:

One could imagine implementing duality with a multi-parameter type class that records exactly the dual of each constructor, as

class (Functor f, Functor g) => Dual f g where
  dual :: f a -> g a

Unfortunately, this leads to a situation where our subtyping must use the commutativity of coproducts, which it is incapable of doing as written. For this article, let us just define an algebra to dualize a whole formula at a time.

Now perhaps the pattern of these transformations is becoming clear. It is remarkably painless, involving just a little type class syntax as overhead, to write these functor algebras. The definition of |pushNotInwards| is another straightforward fold, with a helper type class |PushNot|. I’ve separated the instance for |Not| since it is the only one that does anything.

Encode a form of subtyping that can reason using commutativity of coproducts, and rewrite the |Dualize| algebra using a two-parameter |Dual| type class as described above.

4 Stage 3 – Standardize variable names

To “standardize” variable names means to choose nonconflicting names for all the variables in a formula. Since we are using higher-order abstract syntax, Haskell is handling name conflicts for now. We can immediately jump to stage 4!

5 Stage 4 – Skolemization

It is interesting to arrive at the definition of Skolemization via the Curry-Howard correspondence. You may be familiar with the idea that terms of type |a -> b| are proofs of the proposition “a implies b”, assuming |a| and |b| are interpreted as propositions as well. This rests on a notion that a proof of |a -> b| must be some process that can take a proof of |a| and generate a proof of |b|, a very computational notion. Rephrasing the above, a function of type |a -> b| is a guarantee that for all elements of type |a|, there exists a corresponding element of type |b|. So a function type expresses an alternation of a universal quantifier with an existential. We will use this to replace all the existential quantifiers with freshly-generated functions. We can, of course, pass a unit type to a function, or a tuple of many arguments, to have as many universal quantifiers as we like.

Suppose we have , then in general there may be many choices for z, given a particular x and y. By the axiom of choice, we can create a function f that associates each pair with a corresponding z arbitrarily, and then rewrite the above formula as . Technically, this formula is only equisatisfiable, but by convention I’m assuming constants to be existentially quantified.

So we need to traverse the syntax tree gathering free variables and replacing existentially quantified variables with functions of a fresh name. Since we are eliminating a binding construct, we now need to reason about fresh unique names.

Today’s formulas are small, so let us use a naïve and wasteful splittable unique identifier supply. Our supply is an infinite binary tree, where moving left prepends a |0| to the bit representation of the current counter, while moving right prepends a |1|. Hence, the left and right subtrees are both infinite, nonoverlapping supplies of identifiers. The code for our unique identifier supplies is in Figure fig:unq.

Launchbury and Peyton-Jones {launchbury95state} have discussed how to use the |ST| monad to implement a much more sophisticated and space-efficient version of the same idea.

The helper algebra for Skolemization is more complex than before because a |Formula Stage2| is not directly transformed into |Formula Stage4| but into a function from its free variables to a new formula. On top of that, the final computation takes place in the |Supply| monad because of the need to generate fresh names for Skolem functions. Correspondingly, we choose the return type of the algebra to be |[Term] -> Supply (Formula Stage4)|. Thankfully, many instances are just boilerplate.

In the case for a universal quantifier , any existentials contained within φ are parameterized by the variable x, so we add x to the list of free variables and Skolemize the body φ. Implementing this in Haskell, the algebra instance must be a function from |Forall (Term -> [Term] -> Supply (Formula Stage4))| to |[Term] -> Supply (Forall (Term -> Formula Stage4))|, which involves some juggling of the unique supply.

From the recursive result |phi|, we need to construct a new body for the |forall| constructor that has a pure body: It must not run in the |Supply| monad. Yet the body must contain only names that do not conflict with those used in the rest of this fold. This is why we need a moderately complex |UniqueSupply| data structure: To break off a disjoint-yet-infinite supply for use by |evalState| in the body of a |forall|, restoring purity to the body by running the |Supply| computation to completion.

Finally, the key instance for existentials is actually quite simple – just generate a fresh name and apply the Skolem function to all the arguments |xs|. The application |phi (Const name xs)| is how we express replacement of the existentially bound term with |Const name xs| with higher-order abstract syntax.

After folding the Skolemization algebra over a formula, we apply the result of folding |skolemAlg| to the empty list of free variables, since we are assuming the formula is closed. Then the resulting |Supply (Formula Stage4)| computation is run to completion starting with the |initialUniqueSupply|.

In the first line, Skol2 maps a person to a food they don’t eat. In the second line, Skol6 maps a food to a person who doesn’t eat it.

In the definition of |skolemAlg|, we use |liftM2| to thread the |Supply| monad through the boring cases, but the |(->) [Term]| monad is managed manually. Augment the |(->) [Term]| monad to handle the |Forall| and |Exists| cases, and then combine this monad with |Supply| using either |StateT| or the monad coproduct {monad-coproduct}.
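The splittable supply of Figure fig:unq and the Skolemization fold of this stage, as one added example. This is my own code, not the article’s: the supply tree is laid out so that node n has children 2n and 2n+1 (an assumption; the article prepends bits instead), the coproduct types |Stage2| and |Stage4| are flattened into the plain HOAS types |F2| and |F4| to keep it short, and the Skolem names it produces therefore differ from the article’s table. The |Forall| case shows the trick from the text: break off a disjoint supply with |splitSupply| and run the body with |evalState| so the body stays pure.

```haskell
import Control.Monad (liftM2)
import Control.Monad.State (State, evalState, state)   -- mtl, assumed available
import Data.List (intercalate)

data Term = Const String [Term] | Var String

-- Splittable supply: an infinite binary tree of identifiers. In this (constructed)
-- layout node n has children 2n and 2n+1, so both subtrees are infinite and disjoint.
data UniqueSupply = UniqueSupply Integer UniqueSupply UniqueSupply

initialUniqueSupply :: UniqueSupply
initialUniqueSupply = go 1 where go n = UniqueSupply n (go (2*n)) (go (2*n+1))

type Supply = State UniqueSupply

fresh :: Supply Integer             -- consume the root, continue in the left subtree
fresh = state (\(UniqueSupply n l _) -> (n, l))

splitSupply :: Supply UniqueSupply  -- give away the right subtree, keep the left
splitSupply = state (\(UniqueSupply _ l r) -> (r, l))

-- Stage 2 input and Stage 4 output as plain HOAS types (the article's coproduct
-- types, flattened so the example stays short).
data F2 = Atom2 String [Term] | And2 F2 F2 | Forall2 (Term -> F2) | Exists2 (Term -> F2)
data F4 = Atom4 String [Term] | And4 F4 F4 | Forall4 (Term -> F4)

-- skolemize phi xs: xs are the universally bound variables in scope around phi.
skolemize :: F2 -> [Term] -> Supply F4
skolemize (Atom2 p ts)  _  = return (Atom4 p ts)
skolemize (And2 a b)    xs = liftM2 And4 (skolemize a xs) (skolemize b xs)
skolemize (Exists2 phi) xs = do
  n <- fresh                                   -- fresh Skolem function symbol
  skolemize (phi (Const ("Skol" ++ show n) xs)) xs   -- substitution via HOAS
skolemize (Forall2 phi) xs = do
  s <- splitSupply                             -- disjoint supply for the pure body
  return (Forall4 (\x -> evalState (skolemize (phi x) (x : xs)) s))

skolem :: F2 -> F4                             -- closed formula: no free variables
skolem phi = evalState (skolemize phi []) initialUniqueSupply

-- Printer: bound variables are named x0, x1, ... in the order they are opened.
render :: Int -> F4 -> String
render _ (Atom4 p ts)  = term (Const p ts)
render i (And4 a b)    = render i a ++ " /\\ " ++ render i b
render i (Forall4 phi) = "forall " ++ v ++ ". " ++ render (i + 1) (phi (Var v))
  where v = "x" ++ show i

term :: Term -> String
term (Var v)      = v
term (Const c []) = c
term (Const c ts) = c ++ "(" ++ intercalate ", " (map term ts) ++ ")"

-- forall x. exists y. Eats(x, y)  renders as  "forall x0. Eats(x0, Skol3(x0))"
example :: String
example = render 0 (skolem (Forall2 (\x -> Exists2 (\y -> Atom2 "Eats" [x, y]))))
```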

6 Stage 5 – Prenex Normal Form

Now that all the existentials have been eliminated, we can also eliminate the universally quantified variables. A formula is in prenex normal form when all the quantifiers have been pushed to the outside of other connectives. We have already removed existential quantifiers, so we are dealing only with universal quantifiers. As long as variable names don’t conflict, we can freely push them as far out as we like and commute all binding sites. By convention, free variables are universally quantified, so a formula is valid if and only if the body of its prenex form is valid. Though this may sound technical, all we have to do to eliminate universal quantification is choose fresh names for all the variables and forget about their binding sites.

7 Stage 6 – Conjunctive Normal Form

Now all we have left is possibly-negated atomic predicates connected by |And| and |Or|. This second-to-last stage distributes these over each other to reach a canonical form with all the conjunctions at the outer layer, and all the disjunctions in the inner layer.

At this point, we no longer have a recursive type for formulas, so there’s not too much point to re-using the old constructors.

8 Stage 7 – Implicative Normal Form

There is one more step we can take to remove all those aesthetically displeasing negations in the |CNF| result above, reaching the particularly elegant implicative normal form. We just gather all negated literals and push them to the left of an implicit implication arrow, i.e. utilize this equivalence:
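Stages 6 and 7 together, as an added example that is my own rather than the article’s code. It assumes the Stage 5 output is a plain tree |Prop| of positive and negative literals joined by |And| and |Or| (not the article’s coproduct types), represents CNF as a list of clauses, and reads each clause as an implication from its negated atoms to its positive atoms, so no negation constructor survives in the result.

```haskell
import Data.List (intercalate)

data Term = Const String [Term] | Var String deriving (Eq, Show)

-- Stage 5 output as a plain type: possibly negated atoms joined by And and Or.
data Lit  = Pos String [Term] | Neg String [Term] deriving (Eq, Show)
data Prop = L Lit | And Prop Prop | Or Prop Prop

-- Stage 6: CNF is a conjunction (outer list) of disjunctions (inner lists).
type CNF = [[Lit]]

cnf :: Prop -> CNF
cnf (L l)     = [[l]]
cnf (And a b) = cnf a ++ cnf b
cnf (Or a b)  = [ x ++ y | x <- cnf a, y <- cnf b ]   -- Or distributes over And

-- Stage 7: read each clause  ~a1 \/ .. \/ ~an \/ b1 \/ .. \/ bm  as the
-- implication  (a1 /\ .. /\ an) => (b1 \/ .. \/ bm); no negation remains.
type Atom = (String, [Term])
type Implication = ([Atom], [Atom])

inf :: CNF -> [Implication]
inf = map gather
  where gather c = ([ (p, ts) | Neg p ts <- c ], [ (p, ts) | Pos p ts <- c ])

-- An empty conjunction reads as TT and an empty disjunction as FF.
showImpl :: Implication -> String
showImpl (lhs, rhs) = side " /\\ " "TT" lhs ++ " => " ++ side " \\/ " "FF" rhs
  where side _ unit [] = unit
        side sep _ xs  = intercalate sep (map showAtom xs)
        showAtom (p, ts) = showTerm (Const p ts)
        showTerm (Var v)      = v
        showTerm (Const c []) = c
        showTerm (Const c ts) = c ++ "(" ++ intercalate ", " (map showTerm ts) ++ ")"

-- ~P(x) \/ (Q(x) /\ R(x)) distributes to (~P(x) \/ Q(x)) /\ (~P(x) \/ R(x)),
-- which prints as the two implications  P(x) => Q(x)  and  P(x) => R(x).
example :: [String]
example = map showImpl (inf (cnf (Or (L (Neg "P" [x])) (And (L (Pos "Q" [x])) (L (Pos "R" [x]))))))
  where x = Var "x"
```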

10 Remarks

Freely manipulating coproducts is a great way to make extensible data types as well as to express the structure of your data and computation. Though there is some syntactic overhead, it quickly becomes routine and readable. There does appear to be additional opportunity for scrapping boilerplate code. Ideally, we could eliminate both the cases for uninteresting constructors and all the “glue” instances for the coproduct of two functors. Perhaps given more first-class manipulation of type classes and instances {typeclasses} we could express that a coproduct has only one reasonable implementation for any type class that is an implementation of a functor algebra, and never write an algebra instance for |(:+:)| again.

Finally, Data Types à la Carte is not the only way to implement coproducts. In Objective Caml, polymorphic variants {ocaml-variants} serve a similar purpose, allowing free recombination of variant tags. The HList library {hlist} also provides an encoding of polymorphic variants in Haskell.

11 About the Author

Kenneth Knowles is a graduate student at the University of California, Santa Cruz, studying type systems, concurrency, and parallel programming. He maintains a blog of mathematical musings in Haskell at http://kennknowles.com/blog


12 Appendix – Printing

We need to lift all the document operators into the freshness monad. I wrote all this starting with a pretty printer, so I just reuse the combinators and spit out TeX (which doesn’t need to actually be pretty in source form).